Locking down loose policies
Hello,
I'm doing some cleanup in a FortiGate environment that has not been kept very tidy. There are a lot of policy openings that I dislike, as they have been allowing all protocols far too often.
Now I want to crack down on these and limit some policies to only have access to the ports that are actually frequently used.
Now the proper way of doing this would be to contact various parties and get lists of ports required for the respective services and applications, but I wonder if there is some tool in FMG/FortiAnalyzer that might help me?
I imagine a tool to list ports accessed by a certain policy and how many hits they each have in a certain timespan.
Is that possible? Or is there a better/simpler solution?
Br
Johan
Labels: FortiAnalyzer, FortiGate, Port policy
Hi Johan,
FortiGate does things differently than other vendors. Creating policies per port is a waste of resources, including the time for managing them. The closest you can get to that is to use Application Control or the Internet Service database. Application Control scans the traffic content (deep inspection strongly recommended), while Internet Service restricts access to specific IPs and ports.
Hope this helps.
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Hi RSJohan,
If you have FortiAnalyzer, you can use FortiView to check the sessions, and from there you will be able to check what ports are used. Keep adding a firewall policy at the top, then monitor the original policy to see if it still gets hits, and then disable it.
FCP-NS, FCP-PCS, FCP-SO, FCSS-NS, FCSS-PCS, FCSS-SASE
I was looking for a way to get more of a summary than scrolling through the logs.
Guess I could download the logs and summarize them in Excel; unfortunately I'm missing the download button in my FortiAnalyzer, but that may be another thread ;)
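The summary asked for in the original question (ports hit by one policy, with counts, in a time window) and the "download the logs and summarize them" idea above can both be done offline with a short script over exported FortiGate traffic logs. The following is an added example written for this thread, not a Fortinet tool or anything posted by the participants. It assumes the logs are in FortiGate's key=value syslog form with the usual `date`, `time`, `type`, `policyid`, `proto`, `dstport` and `action` fields; the sample lines embedded in it are constructed for the demo and are not real logs. Accepted sessions are counted by default so that the resulting list reflects what the policy actually permits, and denied hits can be included for comparison.

```python
"""Summarise FortiGate traffic logs by policy, protocol and destination port.

Added example for this thread; assumes FortiGate key=value traffic-log syntax.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in FortiGate key=value traffic-log syntax (not real logs).
SAMPLE_LOGS = """\
date=2024-03-01 time=09:00:01 type="traffic" subtype="forward" srcip=10.0.0.5 srcport=51000 dstip=192.0.2.10 dstport=443 proto=6 action="accept" policyid=12 service="HTTPS"
date=2024-03-01 time=09:00:02 type="traffic" subtype="forward" srcip=10.0.0.6 srcport=51001 dstip=192.0.2.10 dstport=443 proto=6 action="accept" policyid=12 service="HTTPS"
date=2024-03-01 time=09:05:00 type="traffic" subtype="forward" srcip=10.0.0.7 srcport=51002 dstip=192.0.2.20 dstport=53 proto=17 action="accept" policyid=12 service="DNS"
date=2024-03-01 time=09:06:00 type="traffic" subtype="forward" srcip=10.0.0.8 srcport=51003 dstip=192.0.2.30 dstport=22 proto=6 action="accept" policyid=7 service="SSH"
date=2024-03-02 time=11:00:00 type="traffic" subtype="forward" srcip=10.0.0.9 srcport=51004 dstip=192.0.2.10 dstport=8443 proto=6 action="accept" policyid=12 service="tcp/8443"
date=2024-03-02 time=11:01:00 type="traffic" subtype="forward" srcip=10.0.0.9 srcport=51005 dstip=192.0.2.10 dstport=8443 proto=6 action="deny" policyid=12 service="tcp/8443"
"""

# key=value pairs; values may be quoted (and then may contain spaces) or bare.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_line(line):
    """Return a dict of key -> value for one key=value log line (quotes stripped)."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def summarise(log_text, policy_id, start=None, end=None, accepted_only=True):
    """Count hits per (proto, dstport) for one policyid within an optional window.

    start/end are 'YYYY-MM-DD HH:MM:SS' strings (inclusive); accepted_only drops
    every line whose action is not "accept".
    """
    start_dt = datetime.strptime(start, TS_FMT) if start else None
    end_dt = datetime.strptime(end, TS_FMT) if end else None
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("policyid") != str(policy_id):
            continue
        if accepted_only and rec.get("action") != "accept":
            continue
        ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', TS_FMT)
        if (start_dt and ts < start_dt) or (end_dt and ts > end_dt):
            continue
        proto = PROTO_NAMES.get(rec.get("proto", ""), rec.get("proto", "?"))
        counts[(proto, rec.get("dstport", "?"))] += 1
    return counts


def as_table(counts):
    """Render the counter as 'proto/port<TAB>hits' rows, most used first."""
    return [f"{proto}/{port}\t{n}" for (proto, port), n in counts.most_common()]


if __name__ == "__main__":
    # Usage: replace SAMPLE_LOGS with open("traffic.log").read() on exported logs.
    window = summarise(SAMPLE_LOGS, policy_id=12,
                       start="2024-03-01 00:00:00", end="2024-03-02 23:59:59")
    print("\n".join(as_table(window)))
```

The output is the per-port hit list for one policy, which is the input needed for the procedure suggested earlier in the thread: write a tighter policy above the loose one covering only the ports that appear with meaningful counts, then re-run the summary on the original policy until it stops receiving accepted hits.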